idnits 2.17.1 draft-ietf-softwire-map-radius-23.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == Line 1243 has weird spacing: '...uration tlv ...' -- The document date (May 14, 2019) is 1803 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 0 errors (**), 0 flaws (~~), 2 warnings (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Softwire S. Jiang, Ed. 3 Internet-Draft Huawei Technologies Co., Ltd 4 Intended status: Standards Track Y. Fu, Ed. 5 Expires: November 15, 2019 CNNIC 6 B. Liu 7 Huawei Technologies Co., Ltd 8 P. Deacon 9 IEA Software, Inc. 10 C. Xie 11 China Telecom 12 T. Li 13 Tsinghua University 14 M. Boucadair, Ed. 15 Orange 16 May 14, 2019 18 RADIUS Attributes for Address plus Port (A+P) based Softwire Mechanisms 19 draft-ietf-softwire-map-radius-23 21 Abstract 23 IPv4-over-IPv6 transition mechanisms provide IPv4 connectivity 24 services over IPv6 native networks during the IPv4/IPv6 co-existence 25 period. DHCPv6 options have been defined for configuring clients for 26 Lightweight 4over6, Mapping of Address and Port with Encapsulation, 27 and Mapping of Address and Port using Translation unicast softwire 28 mechanisms, and also multicast softwires. However, in many networks, 29 configuration information is stored in an Authentication, 30 Authorization, and Accounting server which utilizes the RADIUS 31 protocol to provide centralized management for users. When a new 32 transition mechanism is developed, new RADIUS attributes need to be 33 defined correspondingly. 35 This document defines new RADIUS attributes to carry Address plus 36 Port based softwire configuration parameters from an Authentication, 37 Authorization, and Accounting server to a Broadband Network Gateway. 38 Both unicast and multicast attributes are covered. 40 Status of This Memo 42 This Internet-Draft is submitted in full conformance with the 43 provisions of BCP 78 and BCP 79. 45 Internet-Drafts are working documents of the Internet Engineering 46 Task Force (IETF). Note that other groups may also distribute 47 working documents as Internet-Drafts. The list of current Internet- 48 Drafts is at https://datatracker.ietf.org/drafts/current/. 50 Internet-Drafts are draft documents valid for a maximum of six months 51 and may be updated, replaced, or obsoleted by other documents at any 52 time. It is inappropriate to use Internet-Drafts as reference 53 material or to cite them other than as "work in progress." 55 This Internet-Draft will expire on November 15, 2019. 57 Copyright Notice 59 Copyright (c) 2019 IETF Trust and the persons identified as the 60 document authors. All rights reserved. 62 This document is subject to BCP 78 and the IETF Trust's Legal 63 Provisions Relating to IETF Documents 64 (https://trustee.ietf.org/license-info) in effect on the date of 65 publication of this document. Please review these documents 66 carefully, as they describe your rights and restrictions with respect 67 to this document. Code Components extracted from this document must 68 include Simplified BSD License text as described in Section 4.e of 69 the Trust Legal Provisions and are provided without warranty as 70 described in the Simplified BSD License. 72 Table of Contents 74 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 75 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5 76 3. New RADIUS Attributes . . . . . . . . . . . . . . . . . . . . 6 77 3.1. Softwire46-Configuration Attribute . . . . . . . . . . . 7 78 3.1.1. Softwire46 Attributes . . . . . . . . . . . . . . . . 8 79 3.1.1.1. Softwire46-MAP-E Attribute . . . . . . . . . . . 10 80 3.1.1.2. Softwire46-MAP-T Attribute . . . . . . . . . . . 10 81 3.1.1.3. Softwire46-Lightweight-4over6 Attribute . . . . . 11 82 3.1.2. Softwire46 Sub-Attributes . . . . . . . . . . . . . . 11 83 3.1.3. Specification of the Softwire46 Sub-Attributes . . . 12 84 3.1.3.1. Softwire46-Rule Attribute . . . . . . . . . . . . 12 85 3.1.3.2. Softwire46-BR Attribute . . . . . . . . . . . . . 13 86 3.1.3.3. Softwire46-DMR Attribute . . . . . . . . . . . . 13 87 3.1.3.4. Softwire46-V4V6Bind Attribute . . . . . . . . . . 14 88 3.1.3.5. Softwire46-PORTPARAMS Attribute . . . . . . . . . 14 89 3.1.4. Sub-Attributes for Sofwtire46-Rule . . . . . . . . . 15 90 3.1.4.1. Rule-IPv6-Prefix Attribute . . . . . . . . . . . 15 91 3.1.4.2. Rule-IPv4-Prefix Attribute . . . . . . . . . . . 16 92 3.1.4.3. EA-Length Attribute . . . . . . . . . . . . . . . 16 93 3.1.5. Attributes for Softwire46-v4v6Bind . . . . . . . . . 17 94 3.1.5.1. IPv4-address Attribute . . . . . . . . . . . . . 17 95 3.1.5.2. Bind-IPv6-Prefix Attribute . . . . . . . . . . . 17 96 3.1.6. Attributes for S46-PORTPARAMS . . . . . . . . . . . . 18 97 3.1.6.1. PSID-offset Attribute . . . . . . . . . . . . . . 18 98 3.1.6.2. PSID-len Attribute . . . . . . . . . . . . . . . 19 99 3.1.6.3. PSID Attribute . . . . . . . . . . . . . . . . . 19 100 3.2. Softwire46-Priority Attribute . . . . . . . . . . . . . . 20 101 3.2.1. Softwire46-Option-Code . . . . . . . . . . . . . . . 21 102 3.3. Softwire46-Multicast Attribute . . . . . . . . . . . . . 22 103 3.3.1. ASM-Prefix64 Attribute . . . . . . . . . . . . . . . 23 104 3.3.2. SSM-Prefix64 Attribute . . . . . . . . . . . . . . . 24 105 3.3.3. U-Prefix64 Attribute . . . . . . . . . . . . . . . . 24 106 4. A Sample Configuration Process with RADIUS . . . . . . . . . 24 107 5. Table of Attributes . . . . . . . . . . . . . . . . . . . . . 27 108 6. Security Considerations . . . . . . . . . . . . . . . . . . . 28 109 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 28 110 7.1. New RADIUS Attributes . . . . . . . . . . . . . . . . . . 28 111 7.2. RADIUS Softwire46 Configuration and Multicast Attributes 29 112 7.3. Softwire46 Mechanisms and Their Identifying Option Codes 30 113 8. Contributing Authors . . . . . . . . . . . . . . . . . . . . 30 114 9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 31 115 10. References . . . . . . . . . . . . . . . . . . . . . . . . . 32 116 10.1. Normative References . . . . . . . . . . . . . . . . . . 32 117 10.2. Informative References . . . . . . . . . . . . . . . . . 33 118 Appendix A. DHCPv6 to RADIUS Field Mappings . . . . . . . . . . 35 119 A.1. OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field 120 Mappings . . . . . . . . . . . . . . . . . . . . . . . . 35 121 A.2. OPTION_S46_BR (90) to Softwire46-BR Field Mappings . . . 35 122 A.3. OPTION_S46_DMR (91) to Softwire46-DMR . . . . . . . . . . 35 123 A.4. OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind . . . . . 35 124 A.5. OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS Field 125 Mappings . . . . . . . . . . . . . . . . . . . . . . . . 36 126 A.6. OPTION_S46_PRIORITY (111) to Softwire46-PORTPARAMS Field 127 Mappings . . . . . . . . . . . . . . . . . . . . . . . . 36 128 A.7. OPTION_V6_PREFIX64 (113) to Softwire46-Multicast 129 Attribute Field Mappings . . . . . . . . . . . . . . . . 36 130 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 36 132 1. Introduction 134 Providers have started deploying and transitioning to IPv6. Several 135 IPv4 service continuity mechanisms based on the Address plus Port 136 (A+P) [RFC6346] have been proposed for providing unicast IPv4 over 137 IPv6-only infrastructure, such as Mapping of Address and Port with 138 Encapsulation (MAP-E) [RFC7597], Mapping of Address and Port using 139 Translation (MAP-T) [RFC7599], and Lightweight 4over6 [RFC7596]. 140 Also, [RFC8114] specifies a generic solution for the delivery of IPv4 141 multicast services to IPv4 clients over an IPv6 multicast network. 142 For each of these mechanisms, DHCPv6 options have been specified for 143 client configuration. 145 In many networks, user configuration information is stored in an 146 Authentication, Authorization, and Accounting (AAA) server. AAA 147 servers generally communicate using the Remote Authentication Dial In 148 User Service (RADIUS) [RFC2865] protocol. In a fixed broadband 149 network, a Broadband Network Gateway (BNG) acts as the access gateway 150 for users. That is, the BNG acts as both an AAA client to the AAA 151 server, and a DHCPv6 server for DHCPv6 messages sent by clients. 152 Throughout this document, the term BNG describes a device 153 implementing both the AAA client and DHCPv6 server functions. 155 Since IPv4-in-IPv6 softwire configuration information is stored in an 156 AAA server, and user configuration information is mainly transmitted 157 through DHCPv6 protocol between the BNGs and Customer Premises 158 Equipment (CEs, a.k.a., CPE), new RADIUS attributes are needed to 159 propagate the information from the AAA servers to BNGs. 161 The RADIUS attributes defined in this document provide configuration 162 to populate the corresponding DHCPv6 options for unicast and 163 multicast softwire configuration, specifically: 165 o "Mapping of Address and Port with Encapsulation (MAP-E)" [RFC7597] 166 (DHCPv6 options defined in [RFC7598]. 168 o "Mapping of Address and Port using Translation (MAP-T)" [RFC7599] 169 (DHCPv6 options defined in [RFC7598]. 171 o "Lightweight 4over6: An Extension to the Dual-Stack Lite 172 Architecture" [RFC7596] (DHCPv6 options defined in [RFC7598]. 174 o "Unified IPv4-in-IPv6 Softwire Customer Premises Equipment (CPE): 175 A DHCPv6-Based Prioritization Mechanism" [RFC8026]. 177 o "Delivery of IPv4 Multicast Services to IPv4 Clients over an IPv6 178 Multicast Network" [RFC8114] (DHCPv6 options defined in [RFC8115]. 180 The contents of the attributes defined in this document have a 1:1 181 mapping into the fields of the various DHCPv6 options in [RFC7598], 182 [RFC8026], and [RFC8115]. Table 1 shows how the DHCPv6 options map 183 to the corresponding RADIUS attribute. For detailed mappings between 184 each DHCPv6 option field and the corresponding RADIUS Attribute or 185 field, see Appendix A. 187 +----------------------------+--------------------------------+ 188 | DHCPv6 Option | RADIUS Attribute | 189 +----------------------------+--------------------------------+ 190 | OPTION_S46_RULE (89) | Softwire46-Rule | 191 | OPTION_S46_BR (90) | Softwire46-BR | 192 | OPTION_S46_DMR (91) | Softwire46-DMR | 193 | OPTION_S46_V4V6BIND (92) | Softwire46-v4v6Bind | 194 | OPTION_S46_PORTPARAMS (93) | Softwire46-PORTPARAMS | 195 | OPTION_S46_PRIORITY (111) | Softwire46-Priority Attribute | 196 | OPTION_V6_PREFIX64 (113) | Softwire46-Multicast Attribute | 197 +----------------------------+--------------------------------+ 199 Table 1: Mapping between DHCPv6 Options and RADIUS Attributes 201 A RADIUS attribute for Dual-Stack Lite [RFC6333] is defined in 202 [RFC6519]. 204 2. Terminology 206 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 207 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 208 "OPTIONAL" in this document are to be interpreted as described in 209 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, 210 as shown here. 212 The reader should be familiar with the concepts and terms defined in 213 [RFC7596], [RFC7597], [RFC7599], and [RFC8026]. 215 The terms "multicast Basic Bridging BroadBand" element (mB4) and 216 "multicast Address Family Transition Router" element (mAFTR) are 217 defined in [RFC8114]. 219 Softwire46 (S46) is used throughout to denote any of the IPv4-in-IPv6 220 softwire mechanisms listed above. Additionally, the following 221 abbreviations are used within the document: 223 o BMR: Basic Mapping Rule 225 o BNG: Broadband Network Gateway 227 o BR: Border Relay 229 o CE: Customer Edge 231 o DMR: Default Mapping Rule 233 o EA: Embedded Address 234 o FMR: Forwarding Mapping Rule 236 o PSID: Port Set Identifier 238 o TLV: Type, Length, Value 240 o MAP-E: Mapping of Address and Port with Encapsulation 242 o MAP-T: Mapping of Address and Port using Translation 244 3. New RADIUS Attributes 246 This section defines the following attributes: 248 1. Softwire46-Configuration Attribute (Section 3.1): 250 This attribute carries the configuration information for MAP-E, 251 MAP-T, and Lightweight 4over6. The configuration information for 252 each Softwire46 mechanism is carried in the corresponding 253 Softwire46 attributes. Different attributes are required for 254 each Softwire46 mechanism. 256 2. Softwire46-Priority Attribute (Section 3.2): 258 Depending on the deployment scenario, a client may support 259 several different Softwire46 mechanisms and so request 260 configuration for more than one Softwire46 mechanism at a time. 261 The Softwire46-Priority Attribute contains information allowing 262 the client to prioritize which mechanism to use, corresponding to 263 OPTION_S46_PRIORITY defined in [RFC8026]. 265 3. Softwire46-Multicast Attribute (Section 3.3): 267 This attribute conveys the IPv6 prefixes to be used in [RFC8114] 268 to synthesize IPv4-embedded IPv6 addresses. The BNG uses the 269 IPv6 prefixes returned in the RADIUS Softwire46-Multicast 270 Attribute to populate the DHCPv6 PREFIX64 Option [RFC8115]. 272 All of these attributes are allocated from the RADIUS "Extended Type" 273 code space per [RFC6929]. 275 All of these attribute designs follow [RFC6158] and [RFC6929]. 277 This document adheres to [RFC8044] for defining the new RADIUS 278 attributes. 280 3.1. Softwire46-Configuration Attribute 282 This attribute is of type "tlv", as defined in the RADIUS Protocol 283 Extensions [RFC6929]. It contains some sub-attributes, with the 284 following requirements: 286 The Softwire46-Configuration Attribute MUST contain one or more of 287 the following attributes: Softwire46-MAP-E, Softwire46-MAP-T, and/ 288 or Softwire46-Lightweight-4over6. 290 The Softwire46-Configuration Attribute conveys the configuration 291 information for MAP-E, MAP-T, or Lightweight 4over6. The BNG 292 SHALL use the configuration information returned in the RADIUS 293 attribute to populate the DHCPv6 Softwire46 Container Option 294 defined in Section 5 of [RFC7598]. 296 The Softwire46-Configuration Attribute MAY appear in an Access- 297 Accept packet. It MAY also appear in an Access-Request packet. 299 The Softwire46-Configuration Attribute MAY appear in a CoA-Request 300 packet. 302 The Softwire46-Configuration Attribute MAY appear in an 303 Accounting-Request packet. 305 The Softwire46-Configuration Attribute MUST NOT appear in any 306 other RADIUS packet. 308 The Softwire46-Configuration Attribute MUST only encapsulate one 309 or more of the Softwire46 attributes defined in this document. 311 The Softwire46-Configuration Attribute is structured as follows: 313 Type 314 241 (To be confirmed by IANA). 316 Length 317 Indicates the total length, in bytes, of all fields of 318 this attribute, including the Type, Length, Extended-Type, 319 and the entire length of the embedded attributes. 321 Extended-Type 322 TBD1 324 Value 325 Contains one or more of the following attributes. Each attribute 326 type may appear at most once: 328 Softwire46-MAP-E 329 For configuring MAP-E clients. For the construction of 330 this attribute, refer to Section 3.1.1.1. 332 Softwire46-MAP-T 333 For configuring MAP-T clients. For the construction of 334 this attribute, refer to Section 3.1.1.2. 336 Softwire46-Lightweight-4over6 337 For configuring Lightweight 4over6 clients. For the 338 construction of this attribute, refer to Section 3.1.1.3. 340 The Softwire46-Configuration Attribute is associated with the 341 following identifier: 241.Extended-Type(TBD1). 343 3.1.1. Softwire46 Attributes 345 The Softwire46 attributes can only be encapsulated in the 346 Softwire46-Configuration Attribute. Depending on the deployment 347 scenario, a client might request for more than one transition 348 mechanism at a time. There MUST be at least one Softwire46 attribute 349 encapsulated in one Softwire46-Configuration Attribute. There MUST 350 be at most one instance of each type of Softwire46 attribute 351 encapsulated in one Softwire46-Configuration Attribute. 353 There are three types of Softwire46 attributes, namely: 355 1. Softwire46-MAP-E (Section 3.1.1.1) 357 2. Softwire46-MAP-T (Section 3.1.1.2) 359 3. Softwire46-Lightweight 4over6 (Section 3.1.1.3) 360 Each type of Softwire46 attribute contains a number of sub- 361 attributes, defined in Section 3.1.3. The hierarchy of the 362 Softwire46 attributes is shown in Figure 1. Section 3.1.2 describes 363 which sub-attributes are mandatory, optional, or not permitted for 364 each defined Softwire46 attribute. 366 /1.Rule-IPv6-Prefix 367 S / | 368 o / | 1.Softwire46-Rule -----+ 2.Rule-IPv4-Prefix 369 f | Softwire46-MAP-E--+ | 370 t | | 2.Softwire46-BR | 3.EA Length 371 w | | \ 372 i | | /1.PSID-offset 373 r | | | 374 e | | 5.Softwire46-PORTPARAMS -----+ 2.PSID-len 375 - | \ | 376 C | | 3.PSID 377 o | \ 378 n | 379 f | /1.Rule-IPv6-Prefix 380 i | / | 381 g | | 1.Softwire46-Rule------+ 2.Rule-IPv4-Prefix 382 u | Softwire46-MAP-T--+ | 383 r | | 3.Softwire46-DMR | 3.EA Length 384 a | | \ 385 t | | /1.PSID-offset 386 i | | | 387 o | | 5.Softwire46-PORTPARAMS------+ 2.PSID-len 388 n | \ | 389 | | 3.PSID 390 A | \ 391 t | 392 t | /1.IPv4-address 393 r | / | 394 i | | 4.Softwire46-v4v6Bind -----+ 2.Bind-IPv6-Prefix 395 b | Softwire46- | \ 396 u | Lightweight-4over6+ /1.PSID-offset 397 t \ | | 398 e | 5.Softwire46-PORTPARAMS ----+ 2.PSID-len 399 \ | 400 | 3.PSID 401 \ 403 Figure 1: Softwire46 Attributes Hierarchy 405 3.1.1.1. Softwire46-MAP-E Attribute 407 Softwire46-MAP-E attribute is designed for carrying the configuration 408 information for MAP-E. The structure of Softwire46-MAP-E is shown 409 below: 411 TLV-Type 412 1 414 TLV-Length 415 Indicates the length of this attribute, including 416 the TLV-Type, TLV-Length, and TLV-Value fields. 418 TLV-Value 419 Contains a set of sub-attributes, with the following requirements: 421 It MUST contain Softwire46-Rule, defined in Section 3.1.3.1. 423 It MUST contain Softwire46-BR, defined in Section 3.1.3.2. 425 It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5. 427 3.1.1.2. Softwire46-MAP-T Attribute 429 Softwire46-MAP-T attribute is designed for carrying the configuration 430 information for MAP-T. The structure of Softwire46-MAP-T is shown 431 below: 433 TLV-Type 434 2 436 TLV-Length 437 Indicates the length of this attribute, including 438 the TLV-Type, TLV-Length, and TLV-Value fields. 440 TLV-Value 441 Contains a set of sub-attributes, with the following requirements: 443 It MUST contain Softwire46-Rule, defined in Section 3.1.3.1. 445 It MUST contain Softwire46-DMR, defined in Section 3.1.3.3. 447 It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5. 449 3.1.1.3. Softwire46-Lightweight-4over6 Attribute 451 Softwire46-Lightweight-4over6 attribute is designed for carrying the 452 configuration information for Lightweight 4over6. The structure of 453 Softwire46-Lightweight-4over6 is shown below: 455 TLV-Type 456 3 458 TLV-Length 459 Indicates the length of this attribute, including 460 the TLV-Type, TLV-Length, and TLV-Value fields. 462 TLV-Value 463 Contains a set of sub-attributes as follows: 465 It MUST contain Softwire46-BR, defined in Section 3.1.3.2. 467 It MUST contain Softwire46-V4V6Bind, defined in Section 3.1.3.4. 469 It MAY contain Softwire46-PORTPARAMS, defined in Section 3.1.3.5. 471 3.1.2. Softwire46 Sub-Attributes 473 Table 2 shows which encapsulated sub-attributes are mandatory, 474 optional, or not permitted for each defined Softwire46 attribute. 476 +-----------------------+-------+-------+--------------------+ 477 | Sub-Attributes | MAP-E | MAP-T | Lightweight 4over6 | 478 +-----------------------+-------+-------+--------------------+ 479 | Softwire46-BR | 1 | 0 | 1 | 480 | Softwire46-Rule | 1 | 1 | 0 | 481 | Softwire46-DMR | 0 | 1 | 0 | 482 | Softwire46-V4V6Bind | 0 | 0 | 1 | 483 | Softwire46-PORTPARAMS | 0-1 | 0-1 | 0-1 | 484 +-----------------------+-------+-------+--------------------+ 486 Table 2: Softwire46 Sub-Attributes 488 The following table defines the meaning of Table 2 entries. 490 0 Not Permitted 491 0-1 Optional, zero or one instance of the attribute 492 may be present. 493 1 Mandatory 495 3.1.3. Specification of the Softwire46 Sub-Attributes 497 3.1.3.1. Softwire46-Rule Attribute 499 Softwire46-Rule can only be encapsulated in Softwire46-MAP-E 500 (Section 3.1.1.1) or Softwire46-MAP-T (Section 3.1.1.2). Depending 501 on the deployment scenario, one Basic Mapping Rule (BMR) and zero or 502 more Forwarding Mapping Rules (FMRs) MUST be included in one 503 Softwire46-MAP-E or Softwire46-MAP-T. 505 Each type of Softwire46-Rule also contains a number of sub- 506 attributes, including Rule-IPv6-Prefix, Rule-IPv4-Prefix, and EA- 507 Length. The structure of the sub-attributes for Softwire46-Rule is 508 defined in Section 3.1.4. 510 Defining multiple TLV-types achieves the same design goals as the 511 "Softwire46 Rule Flags" defined in Section 4.1 of [RFC7598]. Using 512 TLV-type set to 5 is equivalent to setting the F-flag in the 513 OPTION_S46_RULE S46 Rule Flags field. 515 TLV-Type 516 4 Basic Mapping Rule only (not to be used for forwarding) 517 5 Forwarding Permitted Mapping Rule 519 TLV-Length 520 Indicates the length of this attribute, including 521 the TLV-Type, TLV-Length, and TLV-Value fields. 523 Data Type 524 The attribute Softwire46-Rule is of type tlv (Section 3.13 of 525 [RFC8044]). 527 TLV-Value 528 This field contains a set of attributes as follows: 530 Rule-IPv6-Prefix 531 This attribute contains the IPv6 prefix for use in the MAP rule. 532 Refer to Section 3.1.4.1. 534 Rule-IPv4-Prefix 535 This attribute contains the IPv4 prefix for use in the MAP rule. 536 Refer to Section 3.1.4.2. 538 EA-Length 539 This attribute contains the Embedded-Address (EA) bit length. 540 Refer to Section 3.1.4.1. 542 3.1.3.2. Softwire46-BR Attribute 544 Softwire46-BR can only be encapsulated in Softwire46-MAP-E 545 (Section 3.1.1.1) or Softwire46-Lightweight-4over6 (Section 3.1.1.3). 547 There MUST be at least one Softwire46-BR included in each 548 Softwire46-MAP-E or Softwire46-Lightweight-4over6. 550 The structure of Softwire46-BR is shown below: 552 TLV-Type 553 6 555 TLV-Length 556 18 octets 558 Data Type 559 The attribute Softwire46-BR is of type ip6addr (Section 3.9 of 560 [RFC8044]). 562 TLV-Value 563 br-ipv6-address. A fixed-length field of 16 octets that 564 specifies the IPv6 address for the Softwire46 Border Relay (BR). 566 3.1.3.3. Softwire46-DMR Attribute 568 Softwire46-DMR may only appear in Softwire46-MAP-T (Section 3.1.1.2). 569 There MUST be exactly one Softwire46-DMR included in one Softwire46- 570 MAP-T. 572 The structure of Softwire46-DMR is shown below: 574 TLV-Type 575 7 577 TLV-Length 578 4 + length of dmr-ipv6-prefix specified in octets. 580 Data Type 581 The attribute Softwire46-DMR is of type ip6pref (Section 3.10 of 582 [RFC8044]). 584 TLV-Value 585 dmr-ipv6-prefix. A variable-length (dmr-prefix6-len) field 586 specifying the IPv6 prefix for the BR. This field is right-padded 587 with zeros to the nearest octet boundary when dmr-prefix6-len 588 is not divisible by 8. Prefixes with from 0 to 96 are allowed. 590 3.1.3.4. Softwire46-V4V6Bind Attribute 592 Softwire46-V4V6Bind may only be encapsulated in Softwire46- 593 Lightweight-4over6 (Section 3.1.1.3). There MUST be exactly one 594 Softwire46-V4V6Bind included in each Softwire46-Lightweight-4over6. 596 The structure of Softwire46-V4V6Bind is shown below: 598 TLV-Type 599 8 601 TLV-Length 602 Indicates the length of this attribute, including 603 the TLV-Type, TLV-Length, and TLV-Value fields. 605 Data Type 606 The attribute Softwire46-V4V6Bind is of type tlv (Section 3.13 of 607 [RFC8044]). 609 TLV-Value 610 This field contains a set of attributes as follows: 612 IPv4-address 613 This attribute contains an IPv4 address, used to specify 614 the full or shared IPv4 address of the CE. Refer to 615 Section 3.1.5.1. 617 Bind-IPv6-Prefix 618 This attribute contains an IPv6 prefix used to indicate which 619 configured prefix the Softwire46 CE should use for constructing 620 the softwire. Refer to Section 3.1.5.2. 622 3.1.3.5. Softwire46-PORTPARAMS Attribute 624 Softwire46-PORTPARAMS is optional. It is used to specify port set 625 information for IPv4 address sharing between clients. 626 Softwire46-PORTPARAMS MAY be included in any of the Softwire46 627 attributes. 629 The structure of Softwire46-PORTPARAMS is shown below: 631 TLV-Type 632 9 634 TLV-Length 635 Indicates the length of this attribute, including 636 the TLV-Type, TLV-Length, and TLV-Value fields. 638 Data Type 639 The attribute Softwire46-PORTPARAMS is of type tlv (Section 3.13 640 of [RFC8044]). 642 TLV-Value 643 This field contains a set of attributes as follows: 645 PSID-offset 646 This attribute specifies the numeric value for the Softwire46 647 algorithm's excluded port range/offset bits (a bits). Refer to 648 Section 3.1.6.1. 650 PSID-len 651 This attribute specifies the number of significant bits in the 652 PSID field (also known as 'k'). Refer to Section 3.1.6.2. 654 PSID 655 This attribute specifies PSID value. Refer to Section 3.1.6.3. 657 3.1.4. Sub-Attributes for Sofwtire46-Rule 659 There are two types of Softwire46-Rule: the Basic Mapping Rule and 660 the Forwarding Mapping Rule, indicated by the value in the TLV-Type 661 field of Softwire46-Rule (Section 3.1.3.1). 663 Each type of Softwire46-Rule also contains a number of Sub-attributes 664 as detailed in the following sub-sections. 666 3.1.4.1. Rule-IPv6-Prefix Attribute 668 Rule-IPv6-Prefix is REQUIRED for every Softwire46-Rule. There MUST 669 be exactly one Rule-IPv6-Prefix encapsulated in each type of 670 Softwire46-Rule. 672 Rule-IPv6-Prefix follows the framed IPv6 prefix designed in [RFC3162] 673 and [RFC8044]. 675 The structure of Rule-IPv6-Prefix is shown below: 677 TLV-Type 678 10 680 TLV-Length 681 20 octets 683 Data Type 684 The attribute Rule-IPv6-Prefix is of type ipv6pref (Section 3.10 685 of [RFC8044]). 687 TLV-Value 688 rule-ipv6-prefix. 128-bits long field that specifies an IPv6 689 prefix appearing in the MAP rule. 691 3.1.4.2. Rule-IPv4-Prefix Attribute 693 This attribute is used to convey the MAP Rule IPv4 prefix. The 694 structure of Rule-IPv4-Prefix is shown below: 696 TLV-Type 697 11 699 TLV-Length 700 8 octets 702 Data Type 703 The attribute Rule-IPv4-Prefix is of type ipv4pref (Section 3.11 704 of [RFC8044]). 706 TLV-Value 707 rule-ipv4-prefix. 32-bits long. Specifies the IPv4 prefix 708 appearing in the MAP rule. 710 3.1.4.3. EA-Length Attribute 712 This attribute is used to convey the Embedded-Address(EA) bit length. 713 The structure of EA-Length is shown below: 715 TLV-Type 716 12 718 TLV-Length 719 6 octets 721 Data Type 722 The attribute EA-Length is of type integer (Section 3.1 of 723 [RFC8044]). 725 TLV-Value 726 EA-len; 32-bits long. Specifies the Embedded-Address(EA) bit 727 length. Allowed values range from 0 to 48. 729 3.1.5. Attributes for Softwire46-v4v6Bind 731 3.1.5.1. IPv4-address Attribute 733 The IPv4-address MAY be used to specify the full or shared IPv4 734 address of the CE. 736 The structure of IPv4-address is shown below: 738 TLV-Type 739 13 741 TLV-Length 742 6 octets 744 Data Type 745 The attribute IPv4-address is of type ipv4addr (Section 3.8 746 of [RFC8044]). 748 TLV-Value 749 32-bits long. Specifies the IPv4 address (ipv4-address) to 750 appear in Softwire46-V4V6Bind (Section 3.1.3.4). 752 3.1.5.2. Bind-IPv6-Prefix Attribute 754 The Bind-IPv6-Prefix is used by the CE to identify the correct IPv6 755 prefix to be used as the tunnel source. 757 The structure of Bind-IPv6-Prefix is shown below: 759 TLV-Type 760 14 762 TLV-Length 763 4 + length of bind-ipv6-prefix specified in octets. 765 Data Type 766 The attribute Bind-IPv6-Prefix is of type ipv6pref (Section 3.10 767 of [RFC8044]). 769 TLV-Value 770 bind-ipv6-prefix. A variable-length field specifying the IPv6 771 prefix or address for the Softwire46 CE. This field is 772 right-padded with zeros to the nearest octet boundary 773 when bindprefix6-len is not divisible by 8. 775 3.1.6. Attributes for S46-PORTPARAMS 777 3.1.6.1. PSID-offset Attribute 779 This attribute is used to convey the Port Set Identifier offset as 780 defined in [RFC7597]. This attribute is encoded 32 bits as per the 781 recommendation in Appendix A.2.1 of [RFC6158]. 783 The structure of PSID-offset is shown below: 785 TLV-Type 786 15 788 TLV-Length 789 6 octets 791 Data Type 792 The attribute PSID-offset is of type integer (Section 3.1 793 of [RFC8044]). 795 TLV-Value 796 Contains the PSID-Offset (8-bits) right 797 justified, and the unused bits in this field MUST 798 be set to zero. This field that specifies the 799 numeric value for the Softwire46 algorithm's excluded 800 port range/offset bits (a bits), as per Section 5.1 801 of RFC7597. Allowed values are between 0 and 15. 802 Default values for this field are specific to the 803 Softwire mechanism being implemented and are defined 804 in the relevant specification document. 806 3.1.6.2. PSID-len Attribute 808 This attribute is used to convey the PSID length as defined in 809 [RFC7597]. This attribute is encoded 32 bits as per the 810 recommendation in Appendix A.2.1 of [RFC6158]. 812 The structure of PSID-len is shown below: 814 TLV-Type 815 16 817 TLV-Length 818 6 octets 820 Data Type 821 The attribute PSID-len is of type integer (Section 3.1 822 of [RFC8044]). 824 TLV-Value 825 Contains the PSID-len (8-bits) right 826 justified, and the unused bits in this field MUST 827 be set to zero. This field specifies the number of 828 significant bits in the PSID field (also known as 829 'k'). When set to 0, the PSID field is to be ignored. 830 After the first 'a' bits, there are k bits in the 831 port number representing the value of the PSID. 832 Subsequently, the address sharing ratio would be 833 2^k. 835 3.1.6.3. PSID Attribute 837 This attribute is used to convey the PSID as defined in [RFC7597]. 838 This attribute is encoded 32 bits as per the recommendation in 839 Appendix A.2.1 of [RFC6158]. 841 The structure of PSID is shown below: 843 TLV-Type 844 17 846 TLV-Length 847 6 octets 849 Data Type 850 The attribute Bind-IPv6-Prefix is of type integer (Section 3.1 851 of [RFC8044]). 853 TLV-Value 854 Contains the PSID (16-bits) right justified, and the unused bits 855 in this field MUST be set to zero. 856 The PSID value algorithmically identifies a set of ports 857 assigned to a CE. The first k bits on the left of this 858 2-octet field is the PSID value. The remaining (16-k) bits 859 on the right are padding zeros. 861 3.2. Softwire46-Priority Attribute 863 The Softwire46-Priority Attribute includes an ordered list of 864 Softwire64 mechanisms allowing the client to prioritize which 865 mechanism to use, corresponding to OPTION_S46_PRIORITY defined in 866 [RFC8026]. The following requirements apply: 868 The Softwire46-Priority Attribute MAY appear in an Access-Accept 869 packet. It MAY also appear in an Access-Request packet. 871 The Softwire46-Priority Attribute MAY appear in a CoA-Request 872 packet. 874 The Softwire46-Priority Attribute MAY appear in an Accounting- 875 Request packet. 877 The Softwire46-Priority Attribute MUST NOT appear in any other 878 RADIUS packet. 880 The Softwrie46-Priority Attribute is structured as follows: 882 Type 883 241 (To be confirmed by IANA) 885 Length 886 Indicates the length of this attribute, 887 including the Type, Length, Extended-Type and Value fields. 889 Extended-Type 890 TBD5 892 TLV-Value 893 The attribute includes one or more Softwire46-Option-Code TLVs: 894 A Softwire46-Priority Attribute MUST contain at least one 895 Softwire46-Option-Code TLV (Section 3.2.1). 897 Softwire46 mechanisms are prioritized in the appearance order 898 of the in the Softwire46-Priority Attribute. 900 The Softwire46-Priority Attribute is associated with the following 901 identifier: 241.Extended-Type (TBD5). 903 3.2.1. Softwire46-Option-Code 905 This attribute is used to convey an option code assigned to a 906 Softwire64 mechanism [RFC8026]. This attribute is encoded 32 bits as 907 per the recommendation in Appendix A.2.1 of [RFC6158]. 909 The structure of Softwire46-Option-Code is shown below: 911 TLV-Type 912 18 914 TLV-Length 915 6 octets 917 Data Type 918 The attribute Softwire46-Option-Code is of type integer 919 (Section 3.1 of [RFC8044]). 921 TLV-Value 922 A 32-bit IANA-registered option code representing a Softwire46 923 mechanism (Softwire46-option-code). The codes and their 924 corresponding Softwire46 mechanisms are listed in Section 7.3. 926 3.3. Softwire46-Multicast Attribute 928 The Softwire46-Multicast Attribute conveys the IPv6 prefixes to be 929 used to synthesize multicast and unicast IPv4-embedded IPv6 addresses 930 as per [RFC8114]. This attribute is of type "tlv" and contains 931 additional TLVs. The following requirements apply: 933 The BNG SHALL use the IPv6 prefixes returned in the RADIUS 934 Softwire46-Multicast Attribute to populate the DHCPv6 PREFIX64 935 Option [RFC8115]. 937 This attribute MAY be used in Access-Request packets as a hint to 938 the RADIUS server. For example, if the BNG is pre-configured for 939 Softwire46-Multicast, these prefixes MAY be inserted in the 940 attribute. The RADIUS server MAY ignore the hint sent by the BNG, 941 and it MAY assign a different Softwire46-Multicast Attribute. 943 The Softwire46-Multicast Attribute MAY appear in an Access- 944 Request, Access-Accept, CoA-Request, and Accounting-Request 945 packet. 947 The Softwire46-Multicast Attribute MUST NOT appear in any other 948 RADIUS packet. 950 The Softwire46-Multicast Attribute MAY contain ASM-Prefix64 951 (Section 3.3.1), SSM-Prefix64 (Section 3.3.2), and U-Prefix64 952 (Section 3.3.3). 954 The Softwire46-Multicast Attribute MUST include ASM-Prefix64 or 955 SSM-Prefix64, and it MAY include both. 957 The U-Prefix64 MUST be present when SSM-Prefix64 is present. 958 U-Prefix64 MAY be present when ASM-Prefix64 is present. 960 The Softwire46-Multicast Attribute is structured as follows: 962 Type 963 241 (To be confirmed by IANA) 965 Length 966 This field indicates the total length in bytes of all fields of 967 this attribute, including the Type, Length, Extended-Type, and the 968 entire length of the embedded attributes. 970 Extended-Type 971 TBD6 973 Value 974 This field contains a set of attributes as follows: 976 ASM-Prefix64 977 This attribute contains the ASM IPv6 prefix. Refer to 978 Section 3.3.1. 980 SSM-Prefix64 981 This attribute contains the SSM IPv6 prefix. Refer to 982 Section 3.3.2. 984 U-Prefix64 985 This attribute contains the IPv4 prefix used for address 986 translation. Refer to Section 3.3.3. 988 The Softwire46-Multicast Attribute is associated with the following 989 identifier: 241.Extended-Type(TBD6). 991 3.3.1. ASM-Prefix64 Attribute 993 The ASM-Prefix64 attribute is structured as follows: 995 TLV-Type 996 19 998 TLV-Length 999 16 octets. The length of ssm-prefix64 must be to 96 [RFC8115]. 1001 Data Type 1002 The attribute ASM-Prefix64 is of type ipv6prefix (Section 3.10 of 1003 [RFC8044]). 1005 TLV-Value 1006 This field specifies the IPv6 multicast prefix (asm-prefix64) 1007 to be used to synthesize the IPv4-embedded IPv6 addresses of the 1008 multicast groups in the ASM mode. The conveyed multicast IPv6 1009 prefix MUST belong to the ASM range. 1011 3.3.2. SSM-Prefix64 Attribute 1013 The SSM-Prefix64 attribute is structured as follows: 1015 Type 1016 20 1018 TLV-Length 1019 16 octets. The length of ssm-prefix64 must be to 96 [RFC8115]. 1021 Data Type 1022 The attribute SSM-Prefix64 is of type ipv6prefix (Section 3.10 of 1023 [RFC8044]). 1025 TLV-Type 1026 This field specifies the IPv6 multicast prefix (ssm-prefix64) 1027 to be used to synthesize the IPv4-embedded IPv6 addresses of the 1028 multicast groups in the SSM mode. The conveyed multicast IPv6 1029 prefix MUST belong to the SSM range. 1031 3.3.3. U-Prefix64 Attribute 1033 The structure of U-Prefix64 is shown below: 1035 TLV-Type 1036 21 1038 TLV-Length 1039 4 + length of unicast-prefix. As specified in [RFC6052], 1040 the unicast-prefix prefix-length MUST be set to 32, 40, 48, 1041 56, 64, or 96. 1043 Data Type 1044 The attribute U-Prefix64 is of type ipv6prefix (Section 3.10 of 1045 [RFC8044]). 1047 TLV-Value 1048 This field identifies the IPv6 unicast prefix (u-prefix64) to 1049 be used in SSM mode for constructing the IPv4-embedded IPv6 1050 addresses representing the IPv4 multicast sources in the IPv6 1051 domain. It may also be used to extract the IPv4 address from the 1052 received multicast data flows. 1054 4. A Sample Configuration Process with RADIUS 1056 Figure 2 illustrates how the RADIUS and DHCPv6 protocols interwork to 1057 provide CE with softwire configuration information. 1059 CE BNG AAA Server 1060 | | | 1061 |-------1.DHCPv6 Solicit------->| | 1062 |(ORO with unicast and/or m'cast| | 1063 | container option code(s)) | | 1064 | | | 1065 | |-------2.Access-Request------->| 1066 | | (Softwire46-Configuration | 1067 | | Attribute and/or | 1068 | |Softwire46-Multicast Attribute)| 1069 | | | 1070 | |<------3.Access-Accept---------| 1071 | | (Softwire46-Configuration | 1072 | | Attribute and/or | 1073 | |Softwire46-Multicast Attribute)| 1074 | | | 1075 |<----4.DHCPv6 Advertisement----| | 1076 | (container option(s)) | | 1077 | | | 1078 |-------5.DHCPv6 Request------>| | 1079 | (container Option(s)) | | 1080 | | | 1081 |<--------6.DHCPv6 Reply--------| | 1082 | (container option(s)) | | 1083 | | | 1084 DHCPv6 RADIUS 1086 Figure 2: Interaction between DHCPv6 and AAA Server with RADIUS 1087 authentication 1089 1. The CE creates a DHCPv6 Solicit message. For unicast softwire 1090 configuration, the message includes an OPTION_REQUEST_OPTION (6) 1091 with the Softwire46 Container option codes as defined in 1092 [RFC7598]. OPTION_S46_CONT_MAPE (94) should be included for MAP- 1093 E, OPTION_S46_CONT_MAPT (95) for MAP-T, and OPTION_S46_CONT_LW 1094 (96) for Lightweight 4over6. For multicast configuration, the 1095 option number for OPTION_V6_PREFIX64 (113) is included in the 1096 client's ORO. The message is sent to the BNG. 1098 2. On receipt of the Solicit message, the BNG constructs a RADIUS 1099 Access-Request message containing a User-Name Attribute (1) 1100 (containing either a CE MAC address, interface-id or both), a 1101 User-Password Attribute (2) (with a pre-configured shared 1102 password as defined in [RFC2865]. The Softwire46-Configuration 1103 Attribute and/or Softwire46-Multicast Attribute are also included 1104 (as requested by the client). The resulting message is sent to 1105 the AAA server. 1107 3. The AAA server authenticates the request. If this is successful, 1108 and suitable configuration is available, an Access-Accept message 1109 is sent to the BNG containing the requested 1110 Softwire46-Configuration Attribute or Softwire46-Multicast 1111 Attribute. It is the responsibility of the AAA server to ensure 1112 the consistency of the provided configuration. 1114 4. The BNG maps the received softwire configuration into the 1115 corresponding fields in the DHCPv6 softwire configuration 1116 option(s). These are included in the DHCPv6 Advertise message 1117 which is sent to the CE. 1119 5. The CE sends a DHCPv6 Request message. In the ORO, the option 1120 code(s) of any of the required softwire options that were 1121 received in the Advertise message are included. 1123 6. The BNG sends a Reply message to the client containing the 1124 softwire container options enumerated in the ORO. 1126 The authorization operation could also be done independently, after 1127 the authentication process. In this case, steps 1-5 are completed as 1128 above, then the following steps are performed: 1130 6a. When the BNG receives the DHCPv6 Request, it constructs a RADIUS 1131 Access-Request message, which contains a Service-Type Attribute 1132 (6) with the value "Authorize Only" (17), the corresponding 1133 Softwire46-Configuration Attribute, and a State Attribute 1134 obtained from the previous authentication process according to 1135 [RFC5080]. The resulting message is sent to the AAA server. 1137 7a. The AAA checks the authorization request. If it is approved, an 1138 Access-Accept message is returned to the BNG with the 1139 corresponding Softwire46-Configuration Attribute. 1141 8a. The BNG sends a Reply message to the client containing the 1142 softwire container options enumerated in the ORO. 1144 In addition to the above, the following points need to be considered: 1146 o In both the configuration message flows described above the 1147 Message-authenticator (type 80) [RFC2869] SHOULD be used to 1148 protect both Access-Request and Access-Accept messages. 1150 o If the BNG does not receive the corresponding 1151 Softwire46-Configuration Attribute in the Access-Accept message it 1152 MAY fall back to creating the DHCPv6 softwire configuration 1153 options using pre-configured Softwire46 configuration, if this is 1154 present. 1156 o If the BNG receives an Access-Reject from the AAA server, then 1157 Softwire46 configuration MUST NOT be supplied to the client. 1159 o As specified in [RFC8415], Section 18.2.5, "Creation and 1160 Transmission of Rebind Messages", if the DHCPv6 server to which 1161 the DHCPv6 Renew message was sent at time T1 has not responded by 1162 time T2, the CE (DHCPv6 client) SHOULD enter the Rebind state and 1163 attempt to contact any available server. In this situation, a 1164 secondary BNG receiving the DHCPv6 message MUST initiate a new 1165 Access-Request message towards the AAA server. The secondary BNG 1166 includes the Softwire46-Configuration Attribute in this Access- 1167 Request message. 1169 o For Lightweight 4over6, the subscriber's binding state needs to be 1170 synchronized between the clients and the lwAFTR/BR. This can be 1171 achieved in two ways: static pre-configuration of the bindings on 1172 both the AAA server and lwAFTR, or on-demand whereby the AAA 1173 server updates the lwAFTR with the subscriber's binding state as 1174 it is created or deleted. 1176 In some deployments, the DHCP server may use the Accounting-Request 1177 to report to a AAA server the softwire configuration returned to a 1178 requesting host. It is the responsibility of the DHCP server to 1179 ensure the consistency of the configuration provided to requesting 1180 hosts. Reported data to a AAA server may be required for various 1181 operational purposes (e.g., regulatory). 1183 5. Table of Attributes 1185 This document specifies three new RADIUS attributes, and their 1186 formats are as follows: 1188 o Softwire46-Configuration Attribute: 241.TBD1 1190 o Softwire46-Priority Attribute: 241.TBD5 1192 o Softwire46-Multicast Attribute: 241.TBD6 1194 Table 3 describes which attributes may be found, in which kinds of 1195 packets and in what quantity. 1197 Request Accept Reject Challenge Acct CoA- # Attribute 1198 Req Req 1199 0-1 0-1 0 0 0-1 0-1 241.TBD1 Softwire46- 1200 Configuration 1201 0-1 0-1 0 0 0-1 0-1 241.TBD5 Softwire46- 1202 Priority 1203 0-1 0-1 0 0 0-1 0-1 241.TBD6 Softwire46- 1204 Multicast 1206 Table 3: Table of Attributes 1208 6. Security Considerations 1210 Known security vulnerabilities of the RADIUS protocol are discussed 1211 in [RFC2607], [RFC2865], and[RFC2869]. Use of IPsec [RFC4301] for 1212 providing security when RADIUS is carried in IPv6 is discussed in 1213 [RFC3162]. 1215 Specific security considerations for interactions between the MAP CE 1216 and the BNG are discussed in [RFC7597] and [RFC7599]. Security 1217 considerations for Lightweight 4over6 are discussed in [RFC7596]. 1218 Security considerations for DHCPv6-Based Softwire46 Prioritization 1219 Mechanism are discussed in [RFC8026]. Security considerations for 1220 multicast scenarios are discussed in [RFC8114]. Furthermore, generic 1221 DHCPv6 security mechanisms can be applied to DHCPv6 1222 intercommunication between the CE and the BNG. 1224 7. IANA Considerations 1226 IANA is requested to make new code point assignments for RADIUS 1227 attributes as described in the following subsections. 1229 7.1. New RADIUS Attributes 1231 This document requests IANA to assign the Attribute Types defined in 1232 this document from the RADIUS namespace as described in the "IANA 1233 Considerations" section of [RFC3575], in accordance with BCP 26 1234 [RFC8126]. 1236 This document requests that IANA register three new RADIUS 1237 attributes, from the "Short Extended Space" of [RFC6929]. The 1238 attributes are: Softwire46-Configuration Attribute, 1239 Softwire46-Priority Attribute, and Softwire46-Multicast Attribute: 1241 Type Description Data Type Reference 1242 ---- ----------- --------- --------- 1243 241.TBD1 Softwire46-Configuration tlv Section 3.1 1244 241.TBD5 Softwire46-Priority tlv Section 3.2 1245 241.TBD6 Softwire46-Multicast tlv Section 3.3 1247 7.2. RADIUS Softwire46 Configuration and Multicast Attributes 1249 IANA is requested to create a new registry called "RADIUS Softwire46 1250 Configuration and Multicast Attributes". 1252 All attributes in this registry have one or more parent RADIUS 1253 attributes in nesting (refer to [RFC6929]). 1255 This registry must be initially populated with the following values: 1257 Value Description Data Type Reference 1258 ----- ----------- --------- --------- 1259 0 Reserved 1260 1 Softwire46-MAP-E tlv Section 3.1.1.1 1261 2 Softwire46-MAP-T tlv Section 3.1.1.2 1262 3 Softwire46-Lightweight-4over6 tlv Section 3.1.1.3 1263 4 Softwire46-Rule tlv Section 3.1.3.1 1264 5 Softwire46-Rule tlv Section 3.1.3.1 1265 6 Softwire46-BR ipv6addr Section 3.1.3.2 1266 7 Softwire46-DMR ipv6prefix Section 3.1.3.3 1267 8 Softwire46-V4V6Bind tlv Section 3.1.3.4 1268 9 Softwire46-PORTPARAMS tlv Section 3.1.3.5 1269 10 Rule-IPv6-Prefix ipv6prefix Section 3.1.4.1 1270 11 Rule-IPv4-Prefix ipv4prefix Section 3.1.4.2 1271 12 EA-Length integer Section 3.1.4.3 1272 13 IPv4-address ipv4addr Section 3.1.5.1 1273 14 Bind-IPv6-Prefix ipv6prefix Section 3.1.5.2 1274 15 PSID-offset integer Section 3.1.6.1 1275 16 PSID-len integer Section 3.1.6.2 1276 17 PSID integer Section 3.1.6.3 1277 18 Softwire64-Option-Code integer Section 3.2.1 1278 19 ASM-Prefix64 ipv6prefix Section 3.3.1 1279 20 SSM-Prefix64 ipv6prefix Section 3.3.2 1280 21 U-Prefix64 ipv6prefix Section 3.3.3 1281 22-255 Unassigned 1283 The registration procedure for this registry is Standards Action as 1284 defined in [RFC8126]. 1286 7.3. Softwire46 Mechanisms and Their Identifying Option Codes 1288 The Softwire46-Priority Attribute defines a 16-bit Softwire46-option- 1289 code field, for which IANA is requested to create and maintain a new 1290 registry entitled "Option Codes Permitted in the Softwire46-Priority 1291 Attribute". The registration procedure for this registry is 1292 Standards Action as defined in [RFC8126]. 1294 This document requests IANA to register the three option codes of the 1295 Softwire46 mechanisms permitted to be included in the 1296 Softwire46-Priority Attribute. The value of option code corresponds 1297 to the TLV-Type defined in Section 3.1.1. Additional options may be 1298 added to this list in the future using the IETF Review process 1299 described in Section 4.8 of [RFC8126]. 1301 Table 4 shows the option codes required, and the Softwire46 1302 mechanisms that they represent. The option code for DS-Lite is 1303 derived from the IANA allocated RADIUS Attribute Type value for DS- 1304 Lite [RFC6519]. The option codes for MAP-E, MAP-T, and Lightweight 1305 4over6 need to be assigned. The option codes for MAP-E, MAP-T, and 1306 Lightweight 4over6 should also be used as the TLV-Type values for the 1307 MAP-E, MAP-T, and Lightweight 4over6 attributes defined in 1308 Section 3.1.1. 1310 +-----------+--------------------+-----------+ 1311 |Option Code|Softwire46 Mechanism| Reference | 1312 +-----------+--------------------+-----------+ 1313 | TBD2 | MAP-E | RFC7597 | 1314 | TBD3 | MAP-T | RFC7599 | 1315 | TBD4 | Lightweight 4over6 | RFC7596 | 1316 | 144 | DS-Lite | RFC6519 | 1317 +--------------------------------+-----------+ 1319 Table 4: Option Codes to S46 Mechanisms 1321 8. Contributing Authors 1322 Qiong Sun 1323 China Telecom 1324 Beijing China 1325 Email: sunqiong@ctbri.com.cn 1327 Qi Sun 1328 Tsinghua University 1329 Department of Computer Science, Tsinghua University 1330 Beijing 100084 1331 P.R.China 1332 Phone: +86-10-6278-5822 1333 Email: sunqibupt@gmail.com 1335 Cathy Zhou 1336 Huawei Technologies 1337 Bantian, Longgang District 1338 Shenzhen 518129 1339 Email: cathy.zhou@huawei.com 1341 Tina Tsou 1342 Huawei Technologies(USA) 1343 2330 Central Expressway 1344 Santa Clara, CA 95050 1345 USA 1346 Email: Tina.Tsou.Zouting@huawei.com 1348 ZiLong Liu 1349 Tsinghua University 1350 Beijing 100084 1351 P.R.China 1352 Phone: +86-10-6278-5822 1353 Email: liuzilong8266@126.com 1355 Yong Cui 1356 Tsinghua University 1357 Beijing 100084 1358 P.R.China 1359 Phone: +86-10-62603059 1360 Email: yong@csnet1.cs.tsinghua.edu.cn 1362 9. Acknowledgements 1364 The authors would like to thank the valuable comments made by Peter 1365 Lothberg, Wojciech Dec, Ian Farrer, Suresh Krishnan, Qian Wang, Wei 1366 Meng, Cui Wang, Alan Dekok, Stefan Winter, and Yu Tianpeng to this 1367 document. 1369 This document was merged with draft-sun-softwire-lw4over6-radext-01 1370 and draft-wang-radext-multicast-radius-ext-00, thanks to everyone who 1371 contributed to this document. 1373 This document was produced using the xml2rfc tool [RFC7991]. 1375 Many thanks to Al Morton and Bernie Volz for the review. 1377 10. References 1379 10.1. Normative References 1381 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 1382 Requirement Levels", BCP 14, RFC 2119, 1383 DOI 10.17487/RFC2119, March 1997, 1384 . 1386 [RFC2865] Rigney, C., Willens, S., Rubens, A., and W. Simpson, 1387 "Remote Authentication Dial In User Service (RADIUS)", 1388 RFC 2865, DOI 10.17487/RFC2865, June 2000, 1389 . 1391 [RFC3162] Aboba, B., Zorn, G., and D. Mitton, "RADIUS and IPv6", 1392 RFC 3162, DOI 10.17487/RFC3162, August 2001, 1393 . 1395 [RFC3575] Aboba, B., "IANA Considerations for RADIUS (Remote 1396 Authentication Dial In User Service)", RFC 3575, 1397 DOI 10.17487/RFC3575, July 2003, 1398 . 1400 [RFC5080] Nelson, D. and A. DeKok, "Common Remote Authentication 1401 Dial In User Service (RADIUS) Implementation Issues and 1402 Suggested Fixes", RFC 5080, DOI 10.17487/RFC5080, December 1403 2007, . 1405 [RFC6052] Bao, C., Huitema, C., Bagnulo, M., Boucadair, M., and X. 1406 Li, "IPv6 Addressing of IPv4/IPv6 Translators", RFC 6052, 1407 DOI 10.17487/RFC6052, October 2010, 1408 . 1410 [RFC6158] DeKok, A., Ed. and G. Weber, "RADIUS Design Guidelines", 1411 BCP 158, RFC 6158, DOI 10.17487/RFC6158, March 2011, 1412 . 1414 [RFC6929] DeKok, A. and A. Lior, "Remote Authentication Dial In User 1415 Service (RADIUS) Protocol Extensions", RFC 6929, 1416 DOI 10.17487/RFC6929, April 2013, 1417 . 1419 [RFC8026] Boucadair, M. and I. Farrer, "Unified IPv4-in-IPv6 1420 Softwire Customer Premises Equipment (CPE): A DHCPv6-Based 1421 Prioritization Mechanism", RFC 8026, DOI 10.17487/RFC8026, 1422 November 2016, . 1424 [RFC8044] DeKok, A., "Data Types in RADIUS", RFC 8044, 1425 DOI 10.17487/RFC8044, January 2017, 1426 . 1428 [RFC8114] Boucadair, M., Qin, C., Jacquenet, C., Lee, Y., and Q. 1429 Wang, "Delivery of IPv4 Multicast Services to IPv4 Clients 1430 over an IPv6 Multicast Network", RFC 8114, 1431 DOI 10.17487/RFC8114, March 2017, 1432 . 1434 [RFC8115] Boucadair, M., Qin, J., Tsou, T., and X. Deng, "DHCPv6 1435 Option for IPv4-Embedded Multicast and Unicast IPv6 1436 Prefixes", RFC 8115, DOI 10.17487/RFC8115, March 2017, 1437 . 1439 [RFC8126] Cotton, M., Leiba, B., and T. Narten, "Guidelines for 1440 Writing an IANA Considerations Section in RFCs", BCP 26, 1441 RFC 8126, DOI 10.17487/RFC8126, June 2017, 1442 . 1444 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 1445 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 1446 May 2017, . 1448 [RFC8415] Mrugalski, T., Siodelski, M., Volz, B., Yourtchenko, A., 1449 Richardson, M., Jiang, S., Lemon, T., and T. Winters, 1450 "Dynamic Host Configuration Protocol for IPv6 (DHCPv6)", 1451 RFC 8415, DOI 10.17487/RFC8415, November 2018, 1452 . 1454 10.2. Informative References 1456 [RFC2607] Aboba, B. and J. Vollbrecht, "Proxy Chaining and Policy 1457 Implementation in Roaming", RFC 2607, 1458 DOI 10.17487/RFC2607, June 1999, 1459 . 1461 [RFC2869] Rigney, C., Willats, W., and P. Calhoun, "RADIUS 1462 Extensions", RFC 2869, DOI 10.17487/RFC2869, June 2000, 1463 . 1465 [RFC4301] Kent, S. and K. Seo, "Security Architecture for the 1466 Internet Protocol", RFC 4301, DOI 10.17487/RFC4301, 1467 December 2005, . 1469 [RFC6333] Durand, A., Droms, R., Woodyatt, J., and Y. Lee, "Dual- 1470 Stack Lite Broadband Deployments Following IPv4 1471 Exhaustion", RFC 6333, DOI 10.17487/RFC6333, August 2011, 1472 . 1474 [RFC6346] Bush, R., Ed., "The Address plus Port (A+P) Approach to 1475 the IPv4 Address Shortage", RFC 6346, 1476 DOI 10.17487/RFC6346, August 2011, 1477 . 1479 [RFC6519] Maglione, R. and A. Durand, "RADIUS Extensions for Dual- 1480 Stack Lite", RFC 6519, DOI 10.17487/RFC6519, February 1481 2012, . 1483 [RFC7596] Cui, Y., Sun, Q., Boucadair, M., Tsou, T., Lee, Y., and I. 1484 Farrer, "Lightweight 4over6: An Extension to the Dual- 1485 Stack Lite Architecture", RFC 7596, DOI 10.17487/RFC7596, 1486 July 2015, . 1488 [RFC7597] Troan, O., Ed., Dec, W., Li, X., Bao, C., Matsushima, S., 1489 Murakami, T., and T. Taylor, Ed., "Mapping of Address and 1490 Port with Encapsulation (MAP-E)", RFC 7597, 1491 DOI 10.17487/RFC7597, July 2015, 1492 . 1494 [RFC7598] Mrugalski, T., Troan, O., Farrer, I., Perreault, S., Dec, 1495 W., Bao, C., Yeh, L., and X. Deng, "DHCPv6 Options for 1496 Configuration of Softwire Address and Port-Mapped 1497 Clients", RFC 7598, DOI 10.17487/RFC7598, July 2015, 1498 . 1500 [RFC7599] Li, X., Bao, C., Dec, W., Ed., Troan, O., Matsushima, S., 1501 and T. Murakami, "Mapping of Address and Port using 1502 Translation (MAP-T)", RFC 7599, DOI 10.17487/RFC7599, July 1503 2015, . 1505 [RFC7991] Hoffman, P., "The "xml2rfc" Version 3 Vocabulary", 1506 RFC 7991, DOI 10.17487/RFC7991, December 2016, 1507 . 1509 Appendix A. DHCPv6 to RADIUS Field Mappings 1511 The following sections detail the mappings between the softwire 1512 DHCPv6 option fields and the relevant RADIUS attributes as defined in 1513 this document. 1515 A.1. OPTION_S46_RULE (89) to Softwire46-Rule Sub-TLV Field Mappings 1517 +---------------------+----------------------+----------------------+ 1518 | OPTION_S46_RULE | Softwire46-Rule Name | TLV Subfield | 1519 | Field | | | 1520 +---------------------+----------------------+----------------------+ 1521 | flags | N/A | TLV-type (TBD7, | 1522 | | | TBD8) | 1523 | ea-len | EA-Length | EA-len | 1524 | prefix4-len | Rule-IPv4-Prefix | Prefix-Length | 1525 | ipv4-prefix | Rule-IPv4-Prefix | rule-ipv4-prefix | 1526 | prefix6-len | Rule-IPv6-Prefix | Prefix-Length | 1527 | ipv6-prefix | Rule-IPv6-Prefix | rule-ipv6-prefix | 1528 +---------------------+----------------------+----------------------+ 1530 A.2. OPTION_S46_BR (90) to Softwire46-BR Field Mappings 1532 +---------------------+------------------------+ 1533 | OPTION_S46_BR Field | Softwire46-BR Subfield | 1534 +---------------------+------------------------+ 1535 | br-ipv6-address | br-ipv6-address | 1536 +---------------------+------------------------+ 1538 A.3. OPTION_S46_DMR (91) to Softwire46-DMR 1540 +---------------------+-------------------------+ 1541 | OPTION_S46_BR Field | Softwire46-DMR Subfield | 1542 +---------------------+-------------------------+ 1543 | dmr-prefix6-len | dmr-prefix6-len | 1544 | dmr-ipv6-prefix | dmr-ipv6-prefix | 1545 +---------------------+-------------------------+ 1547 A.4. OPTION_S46_V4V6BIND (92) to Softwire46-V4V6Bind 1549 +-----------------------+------------------------+------------------+ 1550 | OPTION_S46_V4V6BIND | Softwire46-V4V6Bind | TLV Subfield | 1551 | Field | Name | | 1552 +-----------------------+------------------------+------------------+ 1553 | ipv4-address | IPv4-address | ipv4-address | 1554 | bindprefix6-len | Bind-IPv6-Prefix | Prefix-Length | 1555 | bind-ipv6-prefix | Bind-IPv6-Prefix | bind-ipv6-prefix | 1556 +-----------------------+------------------------+------------------+ 1558 A.5. OPTION_S46_PORTPARAMS (93) to Softwire46-PORTPARAMS Field Mappings 1560 +--------------------------+--------------------------+-------------+ 1561 | OPTION_S46_PORTPARAMS | Softwire46-PORTPARAMS | TLV | 1562 | Field | Name | Subfield | 1563 +--------------------------+--------------------------+-------------+ 1564 | offset | PSID-offset | PSID-Offset | 1565 | PSID-len | PSID-len | PSID-len | 1566 | PSID | PSID | PSID | 1567 +--------------------------+--------------------------+-------------+ 1569 A.6. OPTION_S46_PRIORITY (111) to Softwire46-PORTPARAMS Field Mappings 1571 +---------------------------+---------------------------------------+ 1572 | OPTION_S46_PRIORITY Field | Softwire46-Priority Attribute | 1573 | | Subfield | 1574 +---------------------------+---------------------------------------+ 1575 | s46-option-code | Softwire46-option-code | 1576 +---------------------------+---------------------------------------+ 1578 A.7. OPTION_V6_PREFIX64 (113) to Softwire46-Multicast Attribute Field 1579 Mappings 1581 +--------------------+------------------------------+---------------+ 1582 | OPTION_V6_PREFIX64 | Softwire46-Multicast | TLV Subfield | 1583 | Field | Attribute TLV Name | | 1584 +--------------------+------------------------------+---------------+ 1585 | asm-length | ASM-Prefix64 | Prefix-Length | 1586 | ASM_mPrefix64 | ASM-Prefix64 | asm-prefix64 | 1587 | ssm-length | SSM-Prefix64 | Prefix-Length | 1588 | SSM_mPrefix64 | SSM-Prefix64 | ssm-prefix64 | 1589 | unicast-length | U-Prefix64 | Prefix-Length | 1590 | uPrefix64 | U-Prefix64 | u-prefix64 | 1591 +--------------------+------------------------------+---------------+ 1593 Authors' Addresses 1595 Sheng Jiang 1596 Huawei Technologies Co., Ltd 1597 Q14, Huawei Campus, No.156 Beiqing Road 1598 Hai-Dian District, Beijing, 100095 1599 P.R. China 1601 Email: jiangsheng@huawei.com 1602 Yu Fu 1603 CNNIC 1604 No.4 South 4th Street, Zhongguancun 1605 Hai-Dian District, Beijing, 100190 1606 P.R. China 1608 Email: eleven711711@foxmail.com 1610 Bing Liu 1611 Huawei Technologies Co., Ltd 1612 Q14, Huawei Campus, No.156 Beiqing Road 1613 Hai-Dian District, Beijing, 100095 1614 P.R. China 1616 Email: leo.liubing@huawei.com 1618 Peter Deacon 1619 IEA Software, Inc. 1620 P.O. Box 1170 1621 Veradale, WA 99037 1622 USA 1624 Email: peterd@iea-software.com 1626 Chongfeng Xie 1627 China Telecom 1628 Beijing 1629 P.R. China 1631 Email: xiechf.bri@chinatelecom.cn 1633 Tianxiang Li 1634 Tsinghua University 1635 Beijing 100084 1636 P.R.China 1638 Email: peter416733@gmail.com 1639 Mohamed Boucadair (editor) 1640 Orange 1641 Rennes, 35000 1642 France 1644 Email: mohamed.boucadair@orange.com